Some user accounts are set up so that use of S3 requires the use of a physical or virtual security device to enable the transaction. This is impractical for a batch job, so the Teradata Access Module for S3 supports use of a temporary, time-limited session token consisting of a temporary ID, Secret Key, and Security Token.
Use the AWS CLI with your credentials to obtain the three values:
aws sts get-session-token
This syntax assumes aws_access_key_id and aws_secret_access_key exist in your credentials file.
You will get a temporary AccessKeyId, SecretAccessKey, and SessionToken. These values map to Initialization String parameters as follows:
- AccessKeyId → S3AccessId
- SecretAccessKey → S3AccessKey
- SessionToken → S3SecurityToken
You can also add these parameters and their values to a profile in your credentials file under a profile section with a name like [temp_credentials], and then specify that profile in your TPT script.
- AccessKeyId → aws_access_key_id
- SecretAccessKey → aws_secret_access_key
- SessionToken → aws_session_token
To conceal these parameters, store these values in Teradata Wallet, or specify them on the Initialization String.
If your account requires Multi-Factor Authentication, see Multi-Factor Authentication.